The invention relates to a method for transmitting data between network nodes of a network in a cryptographically protected manner.
Wireless sensor networks or sensor-actuator networks (WSNs) are very versatile in their applications. For example, wireless sensor networks are used for monitoring and controlling production plants, for monitoring and controlling chemical processes, and for monitoring pipelines. In wireless sensor networks the network's sensor nodes communicate wirelessly over a radio interface. Data is transmitted in accordance with a data-transmission protocol. The 802.15.4 protocol, ZigBee, WirelessHART, and Bluetooth are known data-transmission protocols for transmitting data over a radio interface. Measured values and control commands are exchanged between the sensor nodes in messages.
The data exchanged between the network's nodes is cryptographically protected to prevent the wirelessly transmitted messages from being manipulated by unauthorized third parties. There is a need for an efficient security solution, in particular in wireless sensor networks, because the network nodes have limited storage space and compute power and because their energy resources are restricted, especially when the nodes are battery-operated.
The transmitted data is conventionally encrypted with a key to secure it. Simple encryption with a key K is not fully secure, however, because a third party can re-inject previously transmitted messages in what are termed “replay attacks”. NONCE values are therefore employed in conventional networks. A NONCE value is a value that is to be used once only, and it serves to detect re-injected messages (replay attacks). The data, for example measurement data, is then encrypted by a transmitting node, for example a sensor node, as a function of a key K and a NONCE value. This NONCE value is also referred to as an initialization vector. The transmitting node sends a message, or frame F, to a receiving node within the network. Each NONCE value is used only once in conjunction with each key. To achieve effective protection against replay attacks, the receiving node therefore checks that the NONCE value in the received message has not been used before. Frequently employed cryptographic methods for protecting data frames, for example in 802.15.4 or WLANs, furthermore require that a NONCE value or initialization vector not be used more than once with each key; the cryptographic protection would otherwise be diminished. A new key K′ must therefore be set up (re-keying) no later than when the value range for NONCE values is exhausted.
When NONCE values are used for protecting against replay attacks, however, status information about already used NONCE values has to be stored on the recipient's side, meaning in the receiving node. A network can be formed of a multiplicity of nodes, and each node has to store status information about the NONCE values already used by every other node of the network from which it can potentially receive a message or frame. The space needed for storing this status information places a heavy load on resources. The space requirements in each node are particularly high when there are many end-to-end security relationships between the various nodes in the network, because a NONCE value has to be stored in the node for each end-to-end security relationship.
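The receiver-side check described in the two preceding paragraphs can be sketched as follows. This is an added example, not part of the original text. Its assumptions: the NONCE is a 32-bit frame counter, the receiver keeps the highest accepted value per sender as its status information, and a truncated HMAC-SHA256 tag stands in for the frame protection (no encryption is performed). The frame layout and all names are hypothetical.

```python
import hashlib, hmac, struct

NONCE_MAX = 2**32 - 1   # assumption: NONCE is a 32-bit frame counter
TAG_LEN = 8             # assumption: 8-byte truncated HMAC-SHA256 tag

def protect(key, sender_id, nonce, payload):
    """Sender side: frame F = sender_id (2 B) | nonce (4 B) | payload | tag."""
    if nonce > NONCE_MAX:
        raise OverflowError("NONCE range exhausted, set up a new key K'")
    header = struct.pack(">HI", sender_id, nonce)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag

class Receiver:
    """Keeps one key and one NONCE state entry per sending node."""
    def __init__(self):
        self.keys = {}        # sender_id -> key K
        self.last_nonce = {}  # sender_id -> highest NONCE accepted under K

    def add_peer(self, sender_id, key):
        # Also used for re-keying: a new key restarts the NONCE range.
        self.keys[sender_id] = key
        self.last_nonce[sender_id] = -1

    def accept(self, frame):
        """Return the payload of a fresh, authentic frame, otherwise None."""
        if len(frame) < 6 + TAG_LEN:
            return None
        header, payload, tag = frame[:6], frame[6:-TAG_LEN], frame[-TAG_LEN:]
        sender_id, nonce = struct.unpack(">HI", header)
        key = self.keys.get(sender_id)
        if key is None:
            return None                       # no security relationship
        expected = hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None                       # manipulated frame, state untouched
        if nonce <= self.last_nonce[sender_id]:
            return None                       # NONCE already used: replay
        self.last_nonce[sender_id] = nonce    # strict counter: late frames are dropped
        return payload

if __name__ == "__main__":
    rx, k = Receiver(), b"\x01" * 16          # constructed sample key
    rx.add_peer(7, k)
    f = protect(k, 7, 0, b"temp=21.5")        # constructed sample measurement
    print(rx.accept(f), rx.accept(f))         # first accepted, replay rejected
```

The `last_nonce` table is the per-relationship state whose storage cost grows with the number of peers, which is the resource load the last paragraph describes.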